摘要:
A distributed object system comprising at least one object distributing server, at least one client terminal and at least one server object execution server according to the present invention, including: an object distributing server for storing an object program to which an electronic signature is affixed; a client terminal including means for down-loading the object program from the object distributing server, means for verifying the electronic signature affixed to the object program, means for executing the client object program when the completeness of the object program is confirmed and the user of the client terminal beforehand permits execution of the client object program which is electronically signed by a signatory, and means for transmitting the electronic signature affixed to the object program to a server object execution server; and a server object execution server including means for verifying the signature received, and means for supplying services to the user of the client terminal when the completeness of the object program is confirmed and the user and the object program permit use of the services in advance, which makes it possible to prevent a client object which is down-loaded to a client terminal through a network and executed therein from carrying out unjustified processing (not intended by a user using the client terminal) by using authority of the user.
摘要:
A client-server system is provided in which access to a service by a user can properly be controlled, even if an approval by another user is required for receiving the service. First, the server 2 executes a log-in processing by using a user identifier and password transmitted from the client terminal 2, and a user control file 202. Next, the server 2 executes a service control by using a service supply request transmitted from the client terminal 1 and a service control file 42 provided with the server. When the server determines that an approval by another user is required for providing the service, the server executes the approval request to the client terminal 1 that the concerned user uses. When the reply to the approval request is affirmative, the server executes the processing in accordance with the foregoing service supply request. When the reply is negative, the server informs to the user who made the foregoing service supply request that the approval is rejected.
摘要:
A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≧2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.
摘要:
A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.
摘要:
A Smart card-based service providing system and method, in which a service application uses resources of a common application and which can easily cope with an addition of a service application into the Smart card and thereby efficiently utilize valuable resources of the Smart card, is provided. A management application specially designed for access control is installed in the Smart card to solely manage access management information. A management of or a decision on an access right is not performed by the service application or the common application but by the management application. When a new application is added to the Smart card, the service provider device receives a permission to update access management information beforehand from the card issuer device and, based on the permission, updates the access management information.
摘要:
Upon issuance of an attribute certificate, an attribute authority apparatus makes a determination policy available. The determination policy includes information designating at least one item to be checked by a service provider apparatus for determination to be made to verify the attribute certificate, and a criterion for the determination. The determination policy may be recorded in the attribute certificate, or released to public, or made available by issuing a determination policy certificate released to public. Information for obtaining the determination policy certificate may be recorded in or outside the attribute certificate and furnished to the service provider apparatus. In order to verify an attribute certificate transmitted from a user terminal, a service provider apparatus obtains the determination policy, and determines whether data in the at least one item designated in the determination policy fulfill the criterion recorded in the determination policy.
摘要:
A certificate management method is provided whereby a plurality of service providers have different reliable certificate authorities and, when certificates issued from the certificate authorities are implemented into a smart card, merely by revoking the certificate issued from the certificate authority on which the first service provider relies, all other implemented certificates can be revoked, and the certificates can be individually revoked. A system for implementing the method is provided. The certificate authorities n (n≧2) issue a certificate n by using a private key n′ corresponding to certificate n′ generated by using a certificate 1 issued from a certificate authority 1 which has previously been installed in the smart card and a corresponding private key 1. Thus, the issued certificates have a hierarchical chain relation. When the user wants to revoke all certificates, the certificate 1 issued from the certificate authority 1 is revoked.
摘要:
According to the invention, techniques for authenticating that a digitally signed document is genuine. Specific embodiments according to the present invention can determine whether a digital signature was generated by a digital signature generator, or if the digital signature was generated by a third party posing as the digital signature generator. Specific embodiments can provide independent verification of digital signer identity based upon prior signed messages, time/date stamps, and the like. Techniques according to the present invention can be embodied in methods, apparatus, computer software and systems.
摘要:
An electronic document authenticity assurance technique and an information disclosure system both of which can compatibly realize the assurance of the authenticity of disclosure documents and the deletion of information inappropriate for disclosure. An electronic document is divided into constituent elements and an electronic signature is affixed to an arbitrary subset of a set including all the constituent elements. Otherwise, an electronic signature is affixed to data obtained by binding each of the constituent elements to information specifying the relationship between a respective one of the constituent elements and the structure of the electronic document. Otherwise, the hash values of the respective constituent elements are calculated and an electronic signature is affixed to data obtained by binding the calculated hash values together. Otherwise, random numbers generated for the respective constituent elements are bound together, then the hash values of the respective random-numbered constituent elements are calculated, and then an electronic signature is affixed to data obtained by binding the calculated hash values together.
摘要:
A time stamp generating system has a time distribution server for generating time data depending on time and a user PC for holding time certification objective digital data. The time distribution server generates time data corresponding to a time point and distributes the time data. The user PC calculates time stamp generating data by using the time certification objective data as an input, acquires the time data generated by the time distribution server, and processes the time data on the basis of the time stamp generating data to obtain a time stamp.